[24130] in bugtraq
Mrtg Path Disclosure Vulnerability (Revised)
daemon@ATHENA.MIT.EDU (Tamer Sahin)
Tue Feb 5 17:49:34 2002
Message-ID: <00ae01c1ae94$b2102580$718f83d9@ts>
Reply-To: "Tamer Sahin" <ts@securityoffice.net>
From: "Tamer Sahin" <ts@securityoffice.net>
To: <bugtraq@securityfocus.com>
Cc: <michael@michaelearls.com>
Date: Wed, 6 Feb 2002 00:30:19 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
*/This is Mrtg Web Frontend 14all.cgi bug. You may find the revised
security announcement below/*
Mrtg/RRD 14all.cgi Path Disclosure Vulnerability
Type:
Input Validation Error
Release Date:
February 4, 2002
Product / Vendor:
14all.cgi is a CGI script to create html pages and graphics for Mrtg.
http://people.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg-rrd.html
Summary:
If an attacker submits a web request containing unexpected arguments
for script variables, an error message will be displayed containing
the path to the webroot directory of the server running the Mrtg/RRD
14all.cgi script.
http://host/mrtg.cgi?cfg=blabla
Tested:
Mrtg/RRD 14all.cgi v1.1p15
Vulnerable:
Mrtg/RRD 14all.cgi v1.1p15
And may be other.
Demonstration:
http://barnes.bloomu.edu/cgi-bin/mrtg.cgi?cfg=blabla
Disclaimer:
http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.
Author:
Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net
Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBPGBc+buLpFMrXtywEQJRLACfQ6sMmsTi4fD3PG3p7AFDxmo3XogAnj58
fnyk5QpMwxQQ7WBFTQ/w+fj+
=rxm+
-----END PGP SIGNATURE-----
